How do I use Rate Limiting to protect against brute-force attacks?

A brute-force attack is a attempt to log in to an account by trying many password combinations rapidly in order to compromise security. Because these attacks are sent at a much faster rate than a human being is able to, you can protect your site with a Cloudflare Rate Limiting rule.

You can configure Cloudflare Rate Limiting in the Firewall app under the Tools tab of the Cloudflare dashboard.

Rate Limiting features a one-click Protect Your Login tool that creates a rule to block the client for 15 minutes when sending more than 5 POST requests within 5 minutes. This is sufficient to block most brute-force attempts.